Hello all, I am new to openssl, so please go easy on me if you find my question stupid. But I am really confused by openssl documentation. my question is regarding the generation of CSRs i.e. Certificate Signing Requests.
As per the documentation, here is one way to generate a CSR Following command generates a private key stored in a file called domainname.key (1) openssl genrsa -out domainname.key 1024 And the following command generates a CSR, which stores the public key and the information about the company in the file called domainname.csr (2) openssl req -new -key domainname.key -out domainname.csr Now, from whatever I know about the public key cryptography, it is not possible to generate private key from the public key and vice versa. Both the keys can only be generated together through some algorithm. And there is no fundamental difference between the two keys. Any key from the pair can be designated as a public key and the counterpart as the private key. So what is happening here is that we are generating public key from the private key in command no (2). (Remember, public key is stored in domainname.csr). So if that is the case, then we can also generate private key given a public key. This is bizarre. Obviously I am missing something here. My only guess is that the file domainname.key as generated by command (1) stores BOTH public and private keys. That will make the whole game logical. Of course openssl documentation doesn't say so. So can somebody please explain the logic behind these commands. Or at least can somebody please confirm my observation? -- View this message in context: http://www.nabble.com/Confused-by-OpenSSL-tp23319693p23319693.html Sent from the OpenSSL - Dev mailing list archive at Nabble.com. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
